During a ransomware incident, a security analyst needs to isolate a compromised Windows device from the network while preserving the ability to manage it remotely via Microsoft Defender for Endpoint. Which action should be taken?
-
A
Delete the device from Azure AD
-
B
Contain the device using the Isolate Device action in the MDE portal
-
C
Disable the device's NIC via Group Policy
-
D
Power off the device immediately